Export limit exceeded: 362524 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (1330 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-0029 1 Microsoft 2 Excel, Office 2026-04-16 N/A
Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed description, which leads to memory corruption.
CVE-2006-0009 1 Microsoft 2 Office, Works 2026-04-16 N/A
Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other versions and packages, allows user-assisted attackers to execute arbitrary code via a routing slip that is longer than specified by the provided length field, as exploited by malware such as TROJ_MDROPPER.BH and Trojan.PPDropper.E in attacks against PowerPoint.
CVE-2006-0008 1 Microsoft 3 Office, Windows 2003 Server, Windows Xp 2026-04-16 N/A
The ShellAbout API call in Korean Input Method Editor (IME) in Korean versions of Microsoft Windows XP SP1 and SP2, Windows Server 2003 up to SP1, and Office 2003, allows local users to gain privileges by launching the "shell about dialog box" and clicking the "End-User License Agreement" link, which executes Notepad with the privileges of the program that displays the about box.
CVE-2006-0007 1 Microsoft 1 Office 2026-04-16 N/A
Buffer overflow in GIFIMP32.FLT, as used in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted GIF image that triggers memory corruption when it is parsed.
CVE-2006-0004 1 Microsoft 1 Office 2026-04-16 N/A
Microsoft PowerPoint 2000 in Office 2000 SP3 has an interaction with Internet Explorer that allows remote attackers to obtain sensitive information via a PowerPoint presentation that attempts to access objects in the Temporary Internet Files Folder (TIFF).
CVE-2006-0002 1 Microsoft 3 Exchange Server, Office, Outlook 2026-04-16 N/A
Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to message length validation.
CVE-2006-1540 1 Microsoft 1 Office 2026-04-16 N/A
MSO.DLL in Microsoft Office 2000, Office XP (2002), and Office 2003 allows user-assisted attackers to cause a denial of service and execute arbitrary code via multiple attack vectors, as originally demonstrated using a crafted document record with a malformed string, as demonstrated by replacing a certain "01 00 00 00" byte sequence with an "FF FF FF FF" byte sequence, possibly causing an invalid array index, in (1) an Excel .xls document, which triggers an access violation in ole32.dll; (2) an Excel .xlw document, which triggers an access violation in excel.exe; (3) a Word document, which triggers an access violation in mso.dll in winword.exe; and (4) a PowerPoint document, which triggers an access violation in powerpnt.txt. NOTE: after the initial disclosure, this issue was demonstrated by triggering an integer overflow using an inconsistent size for a Unicode "Sheet Name" string.
CVE-2006-2389 1 Microsoft 1 Office 2026-04-16 N/A
Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with a malformed property that triggers memory corruption related to record lengths, aka "Microsoft Office Property Vulnerability," a different vulnerability than CVE-2006-1316.
CVE-2006-0001 1 Microsoft 2 Office, Publisher 2026-04-16 N/A
Stack-based buffer overflow in Microsoft Publisher 2000 through 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted PUB file, which causes an overflow when parsing fonts.
CVE-2002-0727 1 Microsoft 2 Office Web Components, Project 2026-04-16 N/A
The Host function in Microsoft Office Web Components (OWC) 2000 and 2002 is exposed in components that are marked as safe for scripting, which allows remote attackers to execute arbitrary commands via the setTimeout method.
CVE-2002-0618 1 Microsoft 2 Excel, Office 2026-04-16 N/A
The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code in the Local Computer zone by embedding HTML scripts within an Excel workbook that contains an XSL stylesheet, aka "Excel XSL Stylesheet Script Execution".
CVE-2000-0419 1 Microsoft 10 Access, Excel, Frontpage and 7 more 2026-04-16 N/A
The Office 2000 UA ActiveX Control is marked as "safe for scripting," which allows remote attackers to conduct unauthorized activities via the "Show Me" function in Office Help, aka the "Office 2000 UA Control" vulnerability.
CVE-2002-1339 1 Microsoft 1 Office Web Components 2026-04-16 N/A
The "XMLURL" property in the Spreadsheet component of Office Web Components (OWC) 10 follows redirections, which allows remote attackers to determine the existence of local files based on exceptions, or to read WorkSheet XML files.
CVE-2006-0033 1 Microsoft 1 Office 2026-04-16 N/A
Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted PNG image that triggers memory corruption when it is parsed.
CVE-2004-0573 1 Microsoft 5 Frontpage, Office, Publisher and 2 more 2026-04-16 N/A
Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website.
CVE-1999-1259 1 Microsoft 1 Office 2026-04-16 N/A
Microsoft Office 98, Macintosh Edition, does not properly initialize the disk space used by Office 98 files and effectively inserts data from previously deleted files into the Office file, which could allow attackers to obtain sensitive information.
CVE-2002-0615 1 Microsoft 2 Excel, Office 2026-04-16 N/A
The Windows Media Active Playlist in Microsoft Windows Media Player 7.1 stores information in a well known location on the local file system, allowing attackers to execute HTML scripts in the Local Computer zone, aka "Media Playback Script Invocation".
CVE-2002-1338 1 Microsoft 1 Office Web Components 2026-04-16 N/A
The Load method in the Chart component of Office Web Components (OWC) 9 and 10 generates an exception when a specified file does not exist, which allows remote attackers to determine the existence of local files.
CVE-2002-1340 1 Microsoft 1 Office Web Components 2026-04-16 N/A
The "ConnectionFile" property in the DataSourceControl component in Office Web Components (OWC) 10 allows remote attackers to determine the existence of local files by detecting an exception.
CVE-2002-0152 1 Microsoft 6 Entourage, Excel, Ie and 3 more 2026-04-16 N/A
Buffer overflow in various Microsoft applications for Macintosh allows remote attackers to cause a denial of service (crash) or execute arbitrary code by invoking the file:// directive with a large number of / characters, which affects Internet Explorer 5.1, Outlook Express 5.0 through 5.0.2, Entourage v. X and 2001, PowerPoint v. X, 2001, and 98, and Excel v. X and 2001 for Macintosh.